mirror of https://github.com/MISP/misp-website
4.0 KiB
4.0 KiB
layout | title | permalink | toc |
---|---|---|---|
page | COVID-19 MISP | /covid-19-misp/ | true |
COVID-19 MISP Information Sharing Community
COVID-19 MISP is a MISP instance retrofitted for a COVID-19 information sharing community, focusing on two areas of sharing:
- Medical information
- Cyber threats related to / abusing COVID-19
- Disinformation about COVID-19
The information sharing community has a low barrier of entry, everyone can contribute and use the data. By default, the information is classified as TLP:WHITE for broader distribution and usefulness.
Who is the target audience for this community ?
- Anyone wanting to gain situational awareness in regards to the current COVID-19 situation
- Security practitioners trying to fend off covid related attacks
- Those wanting to share, collaborate, visualise, automate data
- All data is contextualised as either medical or security related information to make filtering as easy and convenient as possible
Why use MISP for such a context?
- We are obviously interested on a personal level, as is everyone
- Information sharing is what we do anyway
- The tools that we are building are expanding our capabilities for the future
- Bridging different domains affected in different ways can reveal correlations
How to get access to the COVID-19 MISP
Access can be requested to CIRCL by sending an email to CIRCL. A self-registration is also available.
Training
Public Feeds generated from COVID-19 MISP community
Two public feeds are automatically generated from COVID-19 MISP. A filtered feed with the sources being selected by the MISP project team and another with all IOCs shared in the covid-19 MISP community.
How are the public feeds generated
As the MISP API is quite versatile, the script to generate the public feeds is described below:
curl \
-d '{"returnFormat":"csv","tags":["pandemic:covid-19=\"cyber\""],"enforceWarninglist":1,"requested_attributes":["value","type","event_info"]}' \
-H "Authorization: [API KEY]" \
-H "Accept: application/json" \
-H "Content-type: application/json" \
-X POST https://covid-19.iglocska.eu/events/restSearch \
> /var/www/MISP/app/webroot/public/covid_misp_full_ioc_list.csv
chown www-data:www-data /var/www/MISP/app/webroot/public/covid_misp_full_ioc_list.csv
curl \
-d '{"returnFormat":"csv","org":["CIRCL"], "enforceWarninglist":1,"requested_attributes":["value","type","event_info"], "tags":["pandemic:covid-19=\"cyber\""]
}' \
-H "Authorization: [API KEY]" \
-H "Accept: application/json" \
-H "Content-type: application/json" \
-X POST https://covid-19.iglocska.eu/events/restSearch \
> /var/www/MISP/app/webroot/public/covid_misp_filtered_ioc_list.csv
curl \
-d '{"returnFormat":"csv","eventid":[262, 372, 269],"enforceWarninglist":1,"requested_attributes":["value","type","event_info"],"tags":["pandemic:covid-19=\"c
yber\""], "headerless": 1}' \
-H "Authorization: [API KEY]" \
-H "Accept: application/json" \
-H "Content-type: application/json" \
-X POST https://covid-19.iglocska.eu/events/restSearch \
>> /var/www/MISP/app/webroot/public/covid_misp_filtered_ioc_list.csv
chown www-data:www-data /var/www/MISP/app/webroot/public/covid_misp_filtered_ioc_list.csv
How to access the COVID-19 MISP
- The url of COVID-19 MISP is the following https://covid-19.iglocska.eu.